DASP: A Framework for Driving the Adoption of Software Security Practices

Vargas, Enrique Larios; Elazhary, Omar; Soroush, Yousefi,; Lowlind, Derek; Vliek, Michael; Storey, Margaret-Anne

doi:10.1109/tse.2023.3235684

Cited by 6 publications

(6 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A study in [139] offers support for developers and tool recommendations, containing much valuable practitioner experience, but little objective assessment of the advice provided. On the other hand, seven considerations(categories) that organizations and stakeholdersneed to pay attention to in order to foster the adoption of software security practices by developers have been highlighted in [8]. Figure 3 shows this list of these seven categories.…”

Section: Figure 2 Threat Modeling Process [61]mentioning

confidence: 99%

“…Figure 3 Consideration to foster the adoption of software security practices [8] In order to better understand SSDLC, there is need to analyze the existing SSDLC models. These models include System security engineering capability maturity model (SSE-CMM), Microsoft security development lifecycle (MS-SDL) and Software assurance maturity model (SAMM).…”

Section: Figure 2 Threat Modeling Process [61]mentioning

confidence: 99%

“…As pointed out in [134], the process of identifying specific kinds of security issues for a given project is an important assurance technique for security. As such, the authors in [8] have proposed DASP, a framework for diagnosing and driving the adoption of software security practices among developers. Table 4 gives a summary of these techniques and their associated weaknesses.…”

Section: Figure 2 Threat Modeling Process [61]mentioning

confidence: 99%

“…Software security is one of the most critical concerns in modern software development [8]. This is because flawed applications have been shown to exhibit unpredictable behavior.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Security risks in the software development lifecycle: A review

Odera¹,

Otieno²,

Ounza³

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

Software security is one of the most critical concerns in modern software development, especially in safety-critical systems whose failure can lead to environmental damage, substantial property, or loss of human lives. In addition, flawed applications have been shown to exhibit unpredictable behavior while software products with numerous vulnerabilities present attack vectors that can be exploited by attackers. To address some of these problems, vulnerability prediction has been deployed for early detection of security risks in the software development lifecycle (SDLC). This can potentially facilitate decision making during the SDLC, resulting in the production of more secure software. Prioritizing security during SDLC permits developers and stakeholders to identify and resolve possible security concerns early on in the process. The aim of this paper is therefore to offer some in-depth review of software systems security issues. In addition, the various measures that have been put in place to mitigate security issues during SDLC are discussed.

show abstract

Section: Figure 2 Threat Modeling Process [61]mentioning

confidence: 99%

Section: Figure 2 Threat Modeling Process [61]mentioning

confidence: 99%

Section: Figure 2 Threat Modeling Process [61]mentioning

confidence: 99%

“…Software security is one of the most critical concerns in modern software development [8]. This is because flawed applications have been shown to exhibit unpredictable behavior.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Security risks in the software development lifecycle: A review

Odera¹,

Otieno²,

Ounza³

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

show abstract

“…Coding Practices Focus on writing code that is resistant to various types of attacks. Includes proper input validation, output sanitization, secure error handling, secure memory management, and protection against common vulnerabilities such as injection attacks, cross-site scripting (XSS), and buffer overflows [156].…”

Section: Securementioning

confidence: 99%

Theory and practice in secure software development lifecycle: A comprehensive survey

Otieno¹,

Odera²,

Ounza³

2023

World J. Adv. Res. Rev.

View full text Add to dashboard Cite

Software development security refers to the practice of integrating security measures and considerations throughout the software development lifecycle to ensure the confidentiality, integrity, and availability of software systems. It involves identifying, mitigating, and eliminating security vulnerabilities and threats that could be exploited by attackers. The goal of this paper is to survey the various concepts and methodologies directed towards software security, and the identification of any missing gaps. Based on the findings, it is noted that the development of secure software requires a proactive and comprehensive approach. It begins with establishing secure design principles and incorporating security requirements from the initial stages of development. Here, secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, are employed to prevent common security vulnerabilities. In addition, regular security testing, including penetration testing and vulnerability scanning, helps identify and address potential weaknesses in the software. Normally, code reviews and security audits are conducted to ensure adherence to secure coding practices and identify any security flaws. It is important that security training and awareness programs be provided to developers and other stakeholders to foster a security-conscious culture. To minimize potential vulnerabilities, secure configuration management, which involves properly configuring servers, networks, and dependencies may be utilized. On the other hand, regular updates and patching are essential to address known security vulnerabilities in software components. To guide their software development security practices, organizations may follow established security standards and frameworks such as ISO 27001 or NIST Cybersecurity Framework. By prioritizing software development security, organizations can protect sensitive data, prevent unauthorized access, and mitigate the risk of security breaches and incidents. In the long run, this helps build trust with users and stakeholders, enhances the reputation of the software, and reduces the potential impact of security incidents on the organization.

show abstract

Exploring Human-AI Collaboration in Agile: Customised LLM Meeting Assistants

Cabrero-Daniel,

Herda,

Pichler

et al. 2024

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

This action research study focuses on the integration of “AI assistants” in two Agile software development meetings: the Daily Scrum and a feature refinement, a planning meeting that is part of an in-house Scaled Agile framework. We discuss the critical drivers of success, and establish a link between the use of AI and team collaboration dynamics. We conclude with a list of lessons learnt during the interventions in an industrial context, and provide a assessment checklist for companies and teams to reflect on their readiness level. This paper is thus a road-map to facilitate the integration of AI tools in Agile setups.

show abstract

DASP: A Framework for Driving the Adoption of Software Security Practices

Cited by 6 publications

References 46 publications

Security risks in the software development lifecycle: A review

Security risks in the software development lifecycle: A review

Theory and practice in secure software development lifecycle: A comprehensive survey

Exploring Human-AI Collaboration in Agile: Customised LLM Meeting Assistants

Contact Info

Product

Resources

About